Data Race in Linux Kernel Netlink Implementation
CVE-2023-53853

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2023-53853?

A data race vulnerability in the Linux kernel's netlink implementation poses risks by allowing simultaneous read and write operations on the nlk->cb_running variable. The issue arises in functions netlink_recvmsg and netlink_native_seq_show, which access this variable without proper synchronization. This can lead to unexpected behavior and stability issues within kernel operations. Developers are urged to apply the latest patches that include READ_ONCE and WRITE_ONCE mechanisms to mitigate this vulnerability.

Affected Version(s)

Linux 16b304f3404f8e0243d5ee2b70b68767b7b59b2b

Linux 16b304f3404f8e0243d5ee2b70b68767b7b59b2b < 840a647499b093621167de56ffa8756dfc69f242

Linux 16b304f3404f8e0243d5ee2b70b68767b7b59b2b

References

https://git.kernel.org/stable/c/e25e9d8a210ed78bdf0f36457...

https://git.kernel.org/stable/c/840a647499b093621167de56f...

https://git.kernel.org/stable/c/a507022c862e10744a92c4bf5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

JSON